deinstaller.exe

White Sea Media

The application deinstaller.exe by White Sea Media has been detected as adware by 31 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. It is a malicious Bitcoin miner: Bitcoin-mining malware forces infected computers to generate Bitcoins for cybercriminals' use, consuming their computing power.

Publisher:
White Sea Media  (signed and verified)

MD5:
ec78aa975c93ed92ece16728832317ed

SHA-1:
b96862798eb369eda305b7ad5481f6e6684db37b

SHA-256:
0d032453ef706383e98fbfc0a97fa6c9e9c6fe748b645f708705376888ec9400

Scanner detections:
31 / 68

Status:
Adware

Explanation:
Part of a backdoor IRC bot network.

Analysis date:
4/23/2024 4:26:15 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.11002588 | 463 |
| Avira AntiVirus | TR/BitMin.mh.2 | 7.11.192.172 |
| avast! | Win32:BitCoinMiner-FC [Trj] | 2014.9-151029 |
| AVG | Generic | 2016.0.2941 |
| Bitdefender | Trojan.Generic.11002588 | 1.0.20.1510 |
| Bkav FE | HW32.Packed | 1.3.0.6267 |
| Comodo Security | UnclassifiedMalware | 20283 |
| Dr.Web | Trojan.BtcMine.221 | 9.0.1.0302 |
| ESET NOD32 | Win32/CoinMiner.ND | 9.10829 |
| Fortinet FortiGate | W32/BitMin.MI!tr | 10/29/2015 |
| F-Secure | Trojan.Generic.11002588 | 11.2015-29-10_5 |
| G Data | Trojan.Generic.11002588 | 15.10.24 |
| IKARUS anti.virus | Win32.BitCoinMiner | t3scan.1.8.5.0 |
| K7 AntiVirus | Trojan | 13.186.14245 |
| Kaspersky | Trojan.Win32.BitMin | 14.0.0.1200 |
| McAfee | Artemis!EC78AA975C93 | 5600.6597 |
| MicroWorld eScan | Trojan.Generic.11002588 | 16.0.0.906 |
| NANO AntiVirus | Trojan.Win32.BitMin.ctdmcs | 0.28.6.63850 |
| Norman | CoinMiner.S | 11.20151029 |
| nProtect | Trojan.Generic.11002588 | 14.12.03.01 |
| Panda Antivirus | Generic Malware | 15.10.29.10 |
| Qihoo 360 Security | Win32/Trojan.380 | 1.0.0.1015 |
| Quick Heal | Trojan.BitMin.gw6 | 10.15.14.00 |
| Reason Heuristics | PUP.WhiteSeaMedia.Installer (M) | 15.10.29.22 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0UE114 | 7.2.302 |
| Trend Micro | TROJ_GEN.R0CBC0UE114 | 10.465.29 |
| Vba32 AntiVirus | Trojan.BitMin | 3.12.26.3 |
| VIPRE Antivirus | Backdoor.Win32.Ircbot.gen | 35432 |
| ViRobot | Trojan.Win32.S.Agent.1259232 | 2011.4.7.4223 |
| Zillya! Antivirus | Trojan.BitMin.Win32.79 | 2.0.0.1999 |

File size:
1.2 MB (1,259,232 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\vlc player gpu+\deinstaller.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/8/2013 2:00:00 AM

Valid to:
7/9/2014 1:59:59 AM

Subject:
CN=White Sea Media, O=White Sea Media, STREET=4142 Mariner Blvd, L=Spring Hill, S=FL, PostalCode=34609, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1FB235ACA7565BA27ADC702B2BD05C7F

File PE Metadata
Compilation timestamp:
1/14/2014 5:02:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
24576:i2PsJYK57kmc8D3qByxl/R18Pz8jzOOhsegGV8C/FqwGmkham7kdPn0I:i2Pup57Hcq+Gl/reKOOZ/Bkham20I

Entry address:
0x33F000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 90, 12, 00, 2D, 8F, 8E, 0A, 10, 05, 84, 8E, 0A, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 62, FA, C1, 10, 68, A4, 0B, 55, 1E, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 68, 0A, E2, 68, 05, 8B, 90, 2D, AE, 3B, 22, AA, 3E, E5...
 

Code size:
38 KB (38,912 bytes)
